Automated teller machine providing withdrawals with a single authentication factor

ABSTRACT

An automated teller machine includes a processor, a wireless communications module, a cash dispenser, and a memory. The memory stores instructions that, when executed by the processor, cause the automated teller machine to detect, using the wireless communications module, that an authentication token capable of wireless communication has been brought into communications range of the module and communicate with the authentication token to cryptographically authenticate the token and to receive information identifying an account associated with the token. Then, without receiving user-input providing a second authentication factor the automated teller machine initiates processing of a withdrawal of a specified quantity of cash from the account. The processing of the withdrawal includes determining, based on an automated assessment of compliance with one or more policies, that the withdrawal is executable without further authentication. The automated teller machine then dispenses, using the cash dispenser, the specified quantity of cash.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No.16/274,617 entitled “AUTOMATED TELLER MACHINE PROVIDING WITHDRAWALS WITHA SINGLE AUTHENTICATION FACTOR”, filed on Feb. 13, 2019, the contents ofwhich are herein incorporated by reference in their entirety.

FIELD

This relates to automated teller machines (ATMs) and, more particularly,to automated teller machines supporting withdrawals authorized based ona single authentication factor such as, for example, provision of acontactless card.

BACKGROUND

Automated teller machines (ATMs) (also known as automated bankingmachines (ABMs)) allow customers of financial institutions to performoperations like making withdrawals and deposits without requiring theuse of a human teller. In order to provide security for customerfinancial accounts, customers must authenticate to the ATM.

Conventional ATM authentication is two-factor: a customer must providean ATM card and must also key a personal identification number (PIN).The ATM card is typically an ISO-sized card, usually made of plastic,with a magnetic stripe and/or a smart chip encoding identifyinginformation. The PIN is a short sequence of digits such as, for example,a four-digit code. A user of an ATM must authenticate by providing theATM card and PIN before the ATM will allow them to perform anytransactions, including withdrawals.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments are described in detail below, with reference to thefollowing drawings:

FIGS. 1A and 1B are simplified diagrams showing components of anautomated teller machine according to the subject matter of the presentapplication with an access panel of the automated teller machine closedand opened, respectively;

FIG. 2 is a schematic operation diagram illustrating an operatingenvironment of the automated teller machine of FIGS. 1A and 1B;

FIG. 3 is a logical block diagram of the automated teller machine ofFIGS. 1A and 1B;

FIG. 4 is a high-level operation diagram of an example computing device;

FIG. 5 depicts an example simplified software organization of theexample computing device of FIG. 4;

FIG. 6 provides a flowchart depicting example operations performed bythe automated teller machine of FIGS. 1A and 1B in servicing awithdrawal;

FIG. 7 provides a flowchart depicting example operations performed bythe automated teller machine of FIGS. 1A and 1B in selectively eitherservicing a withdrawal and/or providing access to a full suite oftransactions;

FIG. 8 shows a variant of the automated teller machine of FIGS. 1A and1B;

FIGS. 9A and 9B show variants of the automated teller machine of FIG. 8in which a wireless communication module is separable from the body ofthe automated teller machine; and

FIG. 10 shows an example use case of variants of the automated tellermachine of FIG. 8 in which a wireless communication module is separablefrom the body of the automated teller machine.

Like reference numerals are used in the drawings to denote like elementsand features.

DETAILED DESCRIPTION OF VARIOUS EMBODIMENTS

According to the subject matter of the present application, there may beprovided an automated teller machine including a processor, a wirelesscommunications module, a value instrument dispenser and a memory. Thewireless communications module, the value instrument dispenser and thememory are coupled to the processor. The memory may store instructionsthat, when executed by the processor, cause the automated teller machineto detect, using the wireless communications module, that anauthentication token capable of wireless communication has been broughtinto communications range of the wireless communications module. Theinstructions, when executed, may further cause the processor tocommunicate with the authentication token using the wirelesscommunication module to cryptographically authenticate the token and toreceive information identifying an account associated with the token.The instructions, when executed, may further cause the processor to,without receiving user-input providing a second authentication factor,initiate processing of a withdrawal of a specified quantity of valueinstruments from the account, wherein processing the withdrawal includesdetermining, based on an automated assessment of compliance with one ormore policies, that the withdrawal is executable without furtherauthentication, and dispense, using the value instrument dispenser, thespecified quantity of value instruments.

Conveniently, in this way, withdrawals of value instruments (e.g., cash)may be performed more quickly without the need to enter a secondauthentication. Further, risk stemming from not requiring a secondauthentication factor is reduced and/or mitigated through automatedassessment of compliance with one or more policies that control orfactor into whether or not the transaction is executable. Notably, byallowing the ATM to make withdrawals without requiring a secondauthentication factor, it may be possible to provide ATMs in locationswhere the risk of a third-party observing entry of a secondauthentication factor like a PIN might represent an unacceptable risk.Further, regardless of location, providing withdrawals without requiringa second authentication factor may enhance ATM accessibility such as,for example, to persons identifying with disability. In a particularexample, an ATM providing withdrawals without requiring a secondauthentication factor may improve accessibility to persons identifyingwith intellectual disability who may have difficulty remembering a PINand/or to persons who may be unable and or may have difficulty enteringa PIN using a keypad. More broadly, providing withdrawals without asecond authentication factor may generally speed use of an automatedteller machine allowing it to service more transactions in a giveninterval, especially where many of the transactions performed using thatautomated teller machine are withdrawals. Notably, in some applicationsnearly two-thirds of all operations involving some automated tellermachines are withdrawals.

In some implementations, the automated teller machine may be adrive-thru automated teller machine. It may be that the wirelesscommunication module is disposed in a component of the drive-thruautomated teller machine linked to a body of the drive-thru automatedteller machine. That component may be configured to allow displacementthereof away from the body of the drive-thru automated teller machinetowards a vehicle visiting the drive-thru automated teller machine.

In some implementations, it may be that the instructions, when executedby the processor, further cause the automated teller machine to: detect,using the wireless communications module, that a second authenticationtoken capable of wireless communication has been brought intocommunications range of the wireless communications module; communicatewith the second authentication token using the wireless communicationmodule to cryptographically authenticate the second token and to receiveinformation identifying a second account associated with the secondtoken; determine, based on an automated assessment of compliance withone or more policies, that a second withdrawal of a specified quantityof value instruments from the second account requires furtherauthentication; and provide an indication requesting provision ofanother authentication factor.

In some implementations, the automated teller machine may furtherinclude an input device coupled to the processor. It may be that theinstructions, when executed by the processor, further cause theautomated teller machine to receive, using the input device, anidentification of the specified quantity of value instruments.

In some implementations, it may be that the specified quantity of valueinstruments is a pre-defined amount associated with at least one of thetoken and the account.

In some implementations, it may be that determining, based on theautomated assessment of compliance with the one or more policies, thatthe withdrawal is executable without further authentication includesdetermining that completing the withdrawal would not exceed a limit onwithdrawals from the account without use of the second authenticationfactor.

In some implementations, it may be that the token includes a paymentcard.

In some implementations, it may be that the automated teller machinedoes not include a contact card reader.

In some implementations, it may be that the second authentication factorincludes a personal identification number (PIN).

In some implementations, the automated teller machine may be awithdrawal-only automated teller machine.

According to the subject matter of the present application, there may beprovided a method of processing a withdrawal of value instruments. Themethod may include detecting that an authentication token capable ofwireless communication has been brought into communications range of anautomated teller machine; and communicating, by the automated tellermachine, wirelessly with the authentication token to cryptographicallyauthenticate the token and to receive information identifying an accountassociated with the authentication token. The method may furtherinclude, without receiving, by the automated teller machine, user-inputproviding a second authentication factor, initiating, by the automatedteller machine, processing of a withdrawal of a specified quantity ofvalue instruments from the account, wherein processing the withdrawalincludes determining, based on an automated assessment of compliancewith one or more policies, that the withdrawal is executable withoutfurther authentication, and dispensing, by the automated teller machine,the specified quantity of value instruments.

In some implementations, the method may further include detecting that asecond authentication token capable of wireless communication has beenbrought into communications range of the automated teller machine;communicate with the second authentication token to cryptographicallyauthenticate the second token and to receive information identifying asecond account associated with the second token; determining, based onan automated assessment of compliance with one or more policies, that asecond withdrawal of a specified quantity of value instruments from thesecond account requires further authentication; and providing anindication requesting provision of another authentication factor.

In some implementations, the method may further include receiving, bythe automated teller machine, an identification of the specifiedquantity of value instruments.

In some implementations, the specified quantity of value instruments maybe a pre-defined amount associated with at least one of theauthentication token and the account.

In some implementations, it may be that determining, based on theautomated assessment of compliance with the one or more policies, thatthe withdrawal is executable without further authentication includesdetermining that completing the withdrawal would exceed a limit onwithdrawals from the account without use of the second authenticationfactor.

In some implementations, the authentication token may include a paymentcard.

In some implementations, the automated teller machine may be operatingin an offline mode wherein withdrawals are processed withoutcommunicating with an automated teller machine network.

In some implementations, communicating, by the automated teller machine,wirelessly with the authentication token to authenticate theauthentication token may include the automated teller machine acting asa relay for communications between the authentication token and a remoteauthentication server.

In some implementations, the second authentication factor may include apersonal identification number (PIN).

According to the subject matter of the present application, there mayprovided a non-transitory computer-readable storage medium storinginstructions that, when executed by a processor of an automated tellermachine cause the automated teller machine to perform any one of theabove-discussed methods.

Other aspects and features of the present application will be understoodby those of ordinary skill in the art from a review of the followingdescription of examples in conjunction with the accompanying figures.

In the present application, the term “and/or” is intended to cover allpossible combinations and sub-combinations of the listed elements,including any one of the listed elements alone, any sub-combination, orall of the elements, and without necessarily excluding additionalelements.

In the present application, the phrase “at least one of . . . or . . . ”is intended to cover any one or more of the listed elements, includingany one of the listed elements alone, any sub-combination, or all of theelements, without necessarily excluding any additional elements, andwithout necessarily requiring all of the elements.

FIG. 1A and FIG. 1B are simplified diagrams showing the automated tellermachine 100. FIG. 1A shows the automated teller machine 100 with anaccess panel 110 closed and may correspond to the configuration of theautomated teller machine 100 during use. FIG. 1B shows the automatedteller machine 100 with the access panel 110 opened to reveal certaininternal components and may correspond to the configuration of theautomated teller machine 100 during servicing.

As illustrated, the automated teller machine 100 may include acontroller 120 (FIG. 1B), a display 130, a keypad 140, an item dispenser150, cassettes 160 (FIG. 1B), and a wireless token reader 170.

As further described below, the controller 120 is a computing device.For example, the controller 120 may include a processor that executesinstructions retrieved from a computer-readable medium thereby causingthe automated teller machine 100 to perform operations for providingaccess to banking services including access to withdrawals that areauthorized based on a single authentication factor.

The display 130 may for example, be a liquid-crystal display (LCD), acathode-ray tube (CRT), or the like. The display 130 is for presentinginformation such as to a user of the automated teller machine 100. Thedisplay 130 may present information under control of the controller 120.

The keypad 140 is an input device allowing input to be provided to theautomated teller machine 100. Input received via the keypad 140 may beconveyed to the controller 120.

The item dispenser 150 is a device allowing value instruments to bedispensed by the automated teller machine 100. For example, it may bethat the item dispenser 150 provides a single slot through which valueinstruments may be dispensed. Additionally or alternatively, the itemdispenser 150 may provide multiple slots. It may be that components orunits of the item dispenser 150 are specialized to a particular type ortypes of value instrument. For example, a particular component or unitof the item dispenser 150 may be adapted to receiving and/or dispensingbanknotes of one denomination, while another component or unit may beadapted to receiving and/or dispensing banknotes of anotherdenomination. Alternatively, it may be that the item dispenser 150 is amonolithic unit that handles all manner of value instruments.

As mentioned above, the automated teller machine includes one or morecassettes 160. The item dispenser 150 is in communication with thecassettes 160. Some or all of the cassettes 160 may be adapted todispense value instruments. For example, some of the cassettes 160 maybe for dispensing banknotes of particular denominations.

The item dispenser 150 and the cassettes 160 may be collectivelyconsidered a value instrument dispenser adapted to dispense valueinstruments such as to satisfy withdrawals from the automated tellermachine 100.

The wireless token reader 170 allows data to be exchanged with wirelessauthentication tokens. The wireless token reader 170 is a wirelesscommunications module. The wireless token reader 170 may communicatewith authentication tokens using one or more wireless protocols. In aparticular example, the wireless token reader may use near-fieldcommunication (NFC) to communicate with authentication tokens.Authentication tokens with which the wireless token reader 170communicates may take a variety of forms. For example, authenticationtokens with which the wireless token reader 170 may communicate mayinclude NFC-enabled ISO-sized cards and/or NFC-enabled devices such as,for example, NFC-enabled smartphones, smartwatches or other wearables,or implants such as, for example, implantable NFC-enabled microchips.

The automated teller machine 100 may be deployed in a variety ofmanners. For example, the automated teller machine 100 may, in somecases, operate in a partially offline mode. Additionally oralternatively, the automated teller machine 100 may communicate with oneor more other computing devices in order to perform its variousfunctions.

An example operating environment in which the automated teller machine100 communicates with another computing device is shown in FIG. 2. Asillustrated, the automated teller machine 100 may be in communicationwith a back-office server system 210 via a network 220.

The automated teller machine 100 and the back-office server system 210may be in geographically disparate locations. Put differently, theautomated teller machine 100 may be remote from the back-office serversystem 210, and vice-versa.

The automated teller machine 100 and the back-office server system 210are computer systems.

As mentioned above, the automated teller machine 100 is adapted toprovide access to banking services such as, for example, withdrawalsexecuted based on only a single authentication factor.

The back-office server system 210 is a server that provides one or moreback-office services to a financial institution including, for example,maintenance of accounts, payment processing, fraud detection and thelike. The back-office server system 210 may, for example, be a mainframecomputer, a minicomputer, or the like. In some embodiments, theback-office server system 210 may be formed of or may include one ormore computing devices. For example, the back-office server system 210may include and/or may communicate with multiple computing devices suchas, for example, database servers, compute servers, and the like. Forexample, the back-office server system 210 may be, may include and/ormay communicate with an ATM switch and/or an ATM middle tier system.Multiple computing devices such as these may be in communication using acomputer network. For example, such computing devices may communicateusing a local-area network (LAN). In some embodiments, the back-officeserver system 210 may include multiple computing devices organized in atiered arrangement. For example, the back-office server system 210 mayinclude middle tier and back-end computing devices such as, for example,the aforementioned ATM middle tier system and/or one or more financialinstitution and/or ATM system back-end server systems. In someembodiments, the back-office server system 210 may be a cluster formedof a plurality of interoperating computing devices.

The network 220 is a computer network. In some embodiments, the network220 may be an internetwork such as may be formed of one or moreinterconnected computer networks. For example, the network 220 may be ormay include an Ethernet network, an asynchronous transfer mode (ATM)network, a wireless network, and/or the like. Additionally oralternatively, one or more devices may communicate with the computernetwork by way of a plain-old telephone service (POTS) line such asusing a modem. In a particular example, the automated teller machine 100may communicate with the back-office server system 210, directly orindirectly, by way of a POTS line.

As further described below, in some embodiments, the automated tellermachine 100 and the back-office server system 210 may co-operate toallow the automated teller machine 100 to provide access to bankingservices such as, for example, withdrawals including withdrawals such asmay be authorized based on a single authentication factor.

Returning to discussion of particulars of the automated teller machine100, FIG. 3 is a logical block diagram of the automated teller machine100.

As described above, the automated teller machine 100 may include acontroller 120, a display 130, a keypad 140, an item dispenser 150,cassettes 160, and/or a wireless token reader 170. Additionally, asshown in FIG. 3, the automated teller machine 100 may include acommunications module 310.

The communications module 310 allows the automated teller machine 100 tocommunicate with other computing devices and/or various communicationsnetworks such as, for example, the network 220. In other words, thecommunications module 310 may allow the automated teller machine 100 tosend or receive communications signals. Communications signals may besent or received according to one or more protocols or according to oneor more standards. For example, the communications module 310 may allowthe automated teller machine 100 to communicate via an Ethernet network,an ATM network, a telephone network, and/or via cellular data network,such as for example, according to one or more standards such as, forexample, Global System for Mobile Communications (GSM), Code DivisionMultiple Access (CDMA), Evolution Data Optimized (EVDO), Long-termEvolution (LTE) or the like. Additionally or alternatively, thecommunications module 310 may allow the automated teller machine 100 tocommunicate via Wi-Fi™ or via some combination of one or more networksor protocols. In some embodiments, the wireless token reader 170 may beincluded in, may rely on, or may include the communications module 310.

FIG. 4 is a high-level operation diagram of an example computing device400. In some embodiments, the example computing device 400 may beexemplary of one or more of the controller 120 (FIG. 1B) and theback-office server system 210 (FIG. 2). As will be discussed in greaterdetail below, the automated teller machine 100 (FIG. 1) (and,potentially, the controller 120 in particular) includes software thatadapts it to perform a particular function. More particularly, softwareof the automated teller machine 100 adapts it to perform functionsincluding withdrawals authorized based on a single authenticationfactor. As mentioned above, the automated teller machine 100 mayco-operate with the back-office server system 210 in providing access tobanking services. Software of the back-office server system 210 mayadapt it to co-operate with the automated teller machine in providingaccess to banking services.

The example computing device 400 includes a variety of modules. Forexample, as illustrated, the example computing device 400 may include aprocessor 410, a memory 420, and an input/output (I/O) module 430. Asillustrated, the foregoing example modules of the example computingdevice 400 are in communication over a bus 440.

The processor 410 is a hardware processor. The processor 410 includes atleast one physical processor and at least one core, but may also includemore than one physical processor and/or more than one processor core.For example, the processor 410 may, for example, be one or more ARM,Intel x86, PowerPC processors or the like.

The memory 420 allows data to be stored and retrieved. The memory 420may include, for example, random access memory, read-only memory, andpersistent storage. Persistent storage may be, for example, flashmemory, a solid-state drive or the like. Read-only memory and persistentstorage are each a non-transitory computer-readable storage medium. Acomputer-readable medium may be organized using a file system such asmay be administered by an operating system governing overall operationof the example computing device 400.

The I/O module 430 allows the example computing device 400 to interactwith devices such as, for example, peripherals to send and receive data.The I/O module 430 may, for example, allow the example computing device400 to interface with input devices such as, for example, keypads,keyboards, pointing devices, and the like. In another example, the I/Omodule 430 may, for example, allow the example computing device 400 tointerface with output devices such as, for example, displays, printers,and the like. In a particular example, where the example computingdevice 400 forms a part of the automated teller machine 100 (FIG. 1)such as, for example, if the example computing device 400 is or forms apart of the controller 120 (FIGS. 1A and 1B) of the automated tellermachine 100, the I/O module 430 may allow the example computing device400 to interface with one or more of the display 130, the keypad 140,the item dispenser 150, the wireless token reader 170, and/or thecommunications module 310 depending, for example, on the particularconfiguration of the controller 120 and the components present in agiven automated teller machine.

Software comprising instructions is executed by the processor 410 from acomputer-readable medium. For example, software may be loaded intorandom-access memory from persistent storage of the memory 420.Additionally or alternatively, instructions may be executed by theprocessor 410 directly from read-only memory of the memory 420.

FIG. 5 depicts a simplified organization of software components storedin the memory 420 of the example computing device 400. As illustratedthese software components include an operating system 500 andapplication software 510.

The operating system 500 is software. The operating system 500 allowsthe application software 510 to access the processor 410, the memory420, and the I/O module 430. The operating system 500 may be, forexample, UNIX™, Linux™, Microsoft™ Windows™, Apple OSX™ or the like.

The application software 510 adapts the example computing device 400, incombination with the operating system 500, to operate as a deviceperforming a particular function. For example, the application software510 may cooperate with the operating system 500 to adapt a suitableembodiment of the example computing device 400 to operate as thecontroller 120 (FIGS. 1B and 2) of the automated teller machine 100 oras the back-office server system 210 (FIG. 2).

Operations performed by the automated teller machine 100 will bedescribed below with reference to FIG. 6.

FIG. 6 provides a flowchart 600 depicting example operations performedin a method of servicing a withdrawal. Operations starting with anoperation 602 and continuing onward are performed by one or moreprocessors of one or more computing device, such as, for example, theprocessor 410 (FIG. 4) of one or more suitably configured instances ofthe example computing device 400 (FIG. 4), executing software such as,for example, a suitable instance of the application software 510 (FIG.5). In a particular example, one or more of the operations may beperformed by a processor of the controller 120 (FIGS. 1B and 2) of theautomated teller machine 100 and/or a processor of the back-officeserver system 210. Additionally or alternatively, one or more of theoperations may be performed by a processor of an authentication tokenand/or by such a processor in co-operation with one or both of aprocessor of the controller 120 of the automated teller machine 100 anda processor of the back-office server system 210 as further describedbelow.

At the operation 602, the automated teller machine 100 detects that anauthentication token capable of wireless communication (which could bereferred to as a wireless authentication token) has been brought intothe communications range of the automated teller machine 100. Forexample, the automated teller machine 100 may detect using the wirelesstoken reader 170 that a wireless authentication token has been broughtinto communications range of the wireless token reader 170. Additionallyor alternatively, another wireless communications module such as, forexample, the communications module 310 may be employed to detect aproximate authentication token.

The authentication token is a physical device maintaining metadata,including metadata for authenticating wirelessly with devices such asthe automated teller machine 100 and metadata allowing identification ofat least one account of a financial institution. Such a wirelessauthentication token may take a variety of forms. In one example, thewireless authentication token may be an NFC-enabled token, such as forexample, an NFC card like an NFC credit or debit card (e.g., acontactless payment card). In another example, the wirelessauthentication token may be a device like a smartphone, a fob, a tablet,a smartwatch or other wearable, or an implant such as, for example, animplantable microchip. In a particular example, the wirelessauthentication token may be an NFC-enabled smartphone. For example, thewireless authentication token could be an NFC-enabled smartphonesupporting NFC-card emulation.

In a particular example, of an authentication token being brought intothe communications range of the automated teller machine 100, a user may“tap” their contactless payment card or device on the wireless tokenreader 170.

Following the detection of the wireless authentication token at theoperation 602, an operation 604 is next.

At the operation 604, the automated teller machine 100 communicates withthe authentication token using the wireless communication module toauthenticate the token. In particular, the automated teller machine 100and the authentication token may exchange one or more messages or othercommunications in order to cryptographically authenticate theauthentication token. For example, a challenge-response cryptographicprotocol may be employed in authenticating the authentication token. Ina particular example, dynamic data authentication (DDA) or combinedDDA/Application Cryptogram Generation (CDA) or variations thereof may beemployed. Details of DDA and DDA/CDA are set out in EMV Book 2—Securityand Key Management (version 4.3, November 2011, available from EMVCo™),the contents of each of which are incorporated herein by reference intheir entirety.

In some embodiments, the automated teller machine 100 may performauthentication of the authentication token offline, without theautomated teller machine 100 communicating with any remote servers. Inother embodiments, authentication may involve an online authenticationtechnique in which the automated teller machine 100 communicates with aserver such as, for example, the back-office server system 210 (FIG. 2)by way of a network such as, for example, the network 220 (FIG. 2), inauthenticating the authentication token. In a particular example, thenetwork may be an automated teller machine network such as, for example,the PLUS™ or Interac™ networks. It may be that the automated tellermachine 100 acts as a proxy or relay for communications between a remoteauthentication server responsible for authenticating the authenticationtoken as valid and the authentication token. Put differently theautomated teller machine 100 communicating wirelessly with theauthentication token to authenticate it may include the automated tellermachine acting as a relay for communications between the authenticationtoken and a remote authentication server.

Additionally, the authentication token may authenticate the automatedteller machine 100 as being a valid automated teller machine based onthe exchange. In other words, authentication between the authenticationtoken and the automated teller machine 100 may be mutual authenticationin which the automated teller machine authenticates the authenticationtoken and vice-versa. Mutual authentication may be online (involvingcommunication with a server) or offline (involving only communicationsbetween the automated teller machine 100 and an authentication token).

Following the operation 604, an operation 606 is next.

At the operation 606, the automated teller machine 100 communicates,using a wireless communication module, with the authentication token toreceive information identifying an account associated with the token.For example, the authentication token may provide a payment accountnumber (PAN) to the automated teller machine 100. In some embodiments,the automated teller machine 100 may receive an identifying value fromthe automated teller machine 100 and may then use that value to performa look-up to identify an account such as, for example, a bank accountnumber. In a particular example, the automated teller machine 100 maycommunicate one or more values received from the authentication tokenand/or determined based on the authentication token to a remote serversuch as, for example, the back-office server system 210, via a networksuch as, for example, the network 220, so that the server may performone or more look-ups in order to obtain account information that theserver may then communicate to the automated teller machine 100. It maybe that a network so employed is an automated teller machine networksuch as, for example, the PLUS™ or Interac™ networks.

Following the operation 606, an operation 608 next.

At the operation 608, processing of a possible withdrawal of a specifiedquantity of value instruments (e.g., banknotes) from the identifiedaccount (i.e., the account identified at the operation 606) isinitiated.

In some embodiments, this may involve receiving user input identifyingan amount to be withdrawn from the identified account. For example, anamount could be received by way of the keypad 140, through the use ofone or more context buttons (not shown) such as may be providedalongside the display 130, and/or via the display 130 such as, forexample, if the display 130 is a touchscreen. It may be that theuser-input identifies an amount to be withdrawn from the account.Additionally or alternatively, the user-input may identify quantities ofparticular denominations of value instruments to be withdrawn. In aparticular example, user-input may identify that $100 is to be withdrawnand/or may specify that 3×$20 bills, 2×$10 bills, and 4×$5 bills are tobe withdrawn.

In some embodiments, the amount to be withdrawn may be a pre-definedamount. Conveniently, the amount to be withdrawn being a pre-definedamount may avoid the need to receive user-input identifying the amountto be withdrawn. Consequently, if all withdrawals using a given instanceof the automated teller machine 100 as for pre-defined amounts, inputdevices for receiving user-input identifying the amount to be withdrawncan potentially be omitted from the automated teller machine 100. Forexample, if all withdrawals using a given machine are for pre-definedamounts and a second authentication factor is not required (e.g., no PINis required) then input devices like the keypad 140 could be omittedfrom the automated teller machine entirely. Such a variation of theautomated teller machine 100 is discussed in greater detail below.

Pre-defined amounts may be defined in a variety of manners.

In some cases, a pre-defined amount could be associated with theauthentication token (e.g., a particular ATM card) and/or the identifiedaccount. For example, in configuring their authentication token and/ortheir account, users may be permitted to identify a pre-determined “fastcash” amount for use in making quick withdrawals without having toprovide a second authentication factor.

Additionally or alternatively, the pre-defined amount could beassociated with a customer such as, for example, a particular customerwith which the authentication token and/or the identified account isassociated. It may, for example, be that the customer is able topre-define an amount for single-authentication factor withdrawals at anearlier time (e.g., before the method of FIG. 6 is performed) and thisamount may then be stored in a profile associated with that customersuch as, for example, in a database. In some cases, the pre-determinedamount selected by the customer may include a pre-determined mix ofvalue instruments of specified denominations as further described below.The automated teller machine 100 may communicate with a server such as,for example, the back-office server system 210 via a network such as,for example, the network 220 to receive such an amount from a profile.For example, the server may obtain it from the aforementioned profileand responsive to the automated teller machine 100 and may then providethe amount to the automated teller machine responsive to the request.

Additionally or alternatively, there may be a pre-defined amountassociated with the automated teller machine 100 and/or the wirelesstoken reader 170. Such an amount could, for example, be a fallbackamount for cards/users/accounts for which other pre-defined amount hasbeen configured. Additionally or alternatively, it could be that, insome embodiments, the automated teller machine includes multiplewireless token readers each associated with a different pre-definedamount and that users may select an amount to withdraw by bringing theirauthentication token into proximity of the wireless token readerassociated with a particular amount they wish to withdraw.

In some cases, specification of such a pre-defined “fast cash” amountmay include identification of desired or preferred quantities ofbanknotes of particular denominations to be provided in satisfying thewithdrawal such as, for example, the above example of $100 made up of3×$20 bills, 2×$10 bills, and 4×$5 bills.

However the specified quantity of value instruments desired to bewithdrawn from the account is identified, processing the withdrawalincludes determining whether or not the withdrawal is executable withoutfurther authentication.

Whether or not the withdrawal is executable without furtherauthentication may be determined based on an automated assessment ofcompliance with one or more policies.

The one or more policies may be identified based on the authenticationtoken, an account identified at the operation 606 and/or profiles of oneor more customers associated with the authentication token and/or theaccount. For example, the policies may be identified by performing adatabase look-up based on information obtained from the authenticationtoken and/or information deriving therefrom. The policies may beidentified by the automated teller machine 100, by the authenticationtoken, and/or by a remote server such as, for example, the back-officeserver system 210. Further, whether executing the withdrawal wouldcomply with such policies may be determined by the automated tellermachine 100, by the authentication token, and/or by a remote server suchas, for example, the back-office server system 210. In a particularexample, the automated teller machine 100 may co-operate with one orboth of the authentication token and/or one or more remote servers inorder (e.g., via a network such as, for example, the network 220) toidentify the relevant policies and/or to assess compliance therewith.

Policies may be selected in order to or in an effort to minimize therisk of fraudulent withdrawals. Additionally or alternatively, policiesmay be intended to mitigate such risks such as, for example, by limitingthe loss to the financial institution associated with the accountidentified at the operation 606 such as, for example, by attempting tolimit the amount of such losses. At the same time, policies may also beselected in order to limit inconvenience to particular customers. Forexample, a high-value customer of a financial institution may beafforded a more lenient policy if this institution is willing to accepta greater risk in order to maintain a relationship with that customer.

Policies may take a variety of forms.

For example, a policy may provide an upper limit of withdrawals madewithout a second authentication factor within a given interval (e.g., aday, a week, a month). In some cases, multiple such policies may beprovided such as, for example, a daily limit and a weekly limit. In somecases, such a policy may be reset by suitable account activity such as,for example, an intervening transaction utilizing the authenticationtoken in which a second authentication factor is provided. In otherwords, the policy may involve a limit on the number of successivewithdrawals (e.g., from the identified account) that can be made withoutuse of a second authentication factor.

In another example of a policy, a limit on the total amount withdrawnwithin a given interval (e.g., a day, a week, a month) may be provided.In some cases, multiple such policies may be provided such as, forexample, a daily total limit and a weekly total limit. In some cases,such a policy may be reset by suitable activity or occurrence such as,for example, an intervening transaction utilizing the authenticationtoken in which a second authentication factor is provided.

In another example of a policy, a proposed withdrawal may be assessedusing an automated anti-fraud system of a financial institution todetermine whether it is approvable. For example, it could be thatparticulars of the withdrawal including, for example, amount, locationof the ATM, time of day, etc. may be provided to an automated anti-fraudserver via a network such as, for example, the network 220, and theanti-fraud server may, responsive to provision of such information,provide an indication as to whether the withdrawal should be permittedwithout provision of a second authentication factor.

Various policies may be considered in combination. In some embodiments,compliance with such a policy set may require that all of the policiesare satisfied (e.g., all conditions of all of the policies are met). Inother cases, compliance may require any one of a given set of policiesare satisfied. Additionally or alternatively, compliance may requirethat one or another of various policies are satisfied while any ofanother group of policies are not violated. In a particular example,relationships between policies may be expressed by a Boolean combinationof policies that, when true, allows the withdrawal to proceed, while thewithdrawal will not be allowed based on a single authentication factoralone if the combination is false (or vice-versa).

If it is determined based on the automated assessment of compliance withone or more policies that the withdrawal is executable without furtherauthentication, an operation 610 is next. Alternatively, if it isdetermined that the withdrawal is not executable without furtherauthentication and that, therefore, further authentication would berequired in order to execute the withdrawal, then an operation 612 isnext.

At the operation 610, the withdrawn amount is dispensed. In other words,specified quantity of value instruments is dispensed by the automatedteller machine 100 to satisfy the withdrawal. Notably, where theoperation 610 is reached directly from the operation 608, the dispensingwill occur without the automated teller machine 100 or a server havingreceived (or sought) user-input providing a second authenticationfactor. For example, no PIN is required in order to for the withdrawaland the dispensing of value instruments to proceed.

The value instruments are dispensed by the automated teller machine 100by way of a value instrument dispenser such as, for example, thecombination of the item dispenser 150 and the cassettes 160.

Where the specified quantities of value instruments includes anidentification of particular denominations, it may be expected that anATM servicing a withdrawal will provide those denominations on a “besteffort” basis, providing a partial amount and/or different denominationsto make up the same total amount (or a lesser but close amount) wheresufficient banknotes of a particular denomination are not available fromthat ATM. Alternatively, where such an identification of particulardenominations is provided—e.g., as part of a pre-determined amount likea “fast cash” amount—it may be that the withdrawal will fail with anerror if it cannot be satisfied as specified. In yet anotheralternative, a user may be asked to confirm that an alternativeconfiguration of value instruments providing the same total amount (or aclose amount thereto) is acceptable such as, for example, by way ofproviding input through use of the keypad 140 and/or by again bringingthe authentication token item range of the wireless token reader 170(e.g., by “tapping” their token on the wireless token reader 170).

In preparation for or further to dispensing the specified quantity ofvalue instruments, the automated teller machine 100 takes steps toprovide for a debit of the account identified at the operation 606 inthe accordance with total value of the quantity of value instrumentsdispensed. For example, it may be that the account is to be debited bythe total amount represented by the specified quantity of valueinstruments. Such a debit may involve communicating—e.g., via a networksuch as the network 220—with a remote server such as, for example, theback-office server system 210. In a particular example, the network soemployed may be an automated teller machine network such as, forexample, the PLUS™ or Interac™ networks. Notably, a debit of an accountas a part of the withdrawal transaction may, in some embodiments, beperformed in manners consistent with or similar to reflecting such adebit further to a conventional two-authentication-factor ATMwithdrawal.

Alternatively, if it is determined at the operation 608 that thewithdrawal is not executable without further authentication and that,therefore, further authentication would be required in order to executethe withdrawal, then the operation 612 follows.

At the operation 612, an additional authentication factor may beobtained. For example, an indication requesting provision of anotherauthentication factor may be provided such as, for example, by way ofthe display 130. In a particular example, the second authenticationfactor may be received through user-input via an input device of theautomated teller machine 100. For example, the second authenticationfactor may be or may include a personal identification number (PIN) tobe provided by way of the keypad 140. Accordingly, it may be that anindication is provided soliciting such user-input.

The second authentication factor may be received and then verified. Insome embodiments, the automated teller machine 100 may communicate witha remote server such as, for example, the back-office server system 210via a network, such as, for example, the network 220, in order tovalidate the second authentication factor. Additionally oralternatively, the second authentication factor may be validated bycommunicating with the authentication token such as using the wirelesstoken reader 170.

If the second authentication factor is confirmed, then the operation 610is next so that the withdrawal may be satisfied. Alternatively, if thesecond authentication factor is not provided or validation thereoffails, an error may be provided and the withdrawal may fail.

The operations forming the method of FIG. 6 are provided by way ofexample. Variations on those operations and the method of FIG. 6 arepossible while remaining within the scope of the subject matter of thepresent application.

For example, it could be that communication with the authenticationtoken in order to validate it and communication with the authenticationtoken in order to obtain information identifying an account form part ofthe same exchange. It could, for example, be that the informationidentifying the account is obtained as a part of or as a by-product ofvalidating the authentication token.

In another example of a variation, FIG. 7 provides a flowchart 700depicting example operations performed in selectively either servicing awithdrawal and/or providing access to a full suite of transactions(e.g., deposits, transfers, and withdrawals). Operations starting withan operation 702 and continuing onward are performed by one or moreprocessors of one or more computing device, such as, for example, theprocessor 410 (FIG. 4) of one or more suitably configured instances ofthe example computing device 400 (FIG. 4), executing software such as,for example, a suitable instance of the application software 510 (FIG.5). In a particular example, one or more of the operations may beperformed by a processor of the controller 120 (FIGS. 1B and 2) of theautomated teller machine 100 and/or a processor of the back-officeserver system 210. Additionally or alternatively, one or more of theoperations may be performed by a processor of an authentication tokenand/or by such a processor in co-operation with one or both of aprocessor of the controller 120 of the automated teller machine 100 anda processor of the back-office server system 210.

At the operation 702, the automated teller machine 100 detects that awireless authentication token has been brought into the communicationsrange of the automated teller machine 100. The operation 702 isanalogous to the operation 602 (FIG. 6) and similar considerations applyto the operation 702 as to the operation 602. For example, the operation702 may have details that are the same or similar to the operation 602.

Following the operation 702, an operation 704 is next.

At the operation 704, the automated teller machine 100 communicates withthe authentication token using the wireless communication module toauthenticate the token. The operation 704 is analogous to the operation604 (FIG. 6) and similar considerations apply to the operation 704 as tothe operation 604. For example, the operation 704 may have details thatare the same or similar to the operation 604.

Following the operation 704, an operation 706 is next.

At the operation 706, the automated teller machine 100 communicates,using a wireless communication module, with the authentication token toreceive information identifying an account associated with the token.The operation 706 is analogous to the operation 606 (FIG. 6) and similarconsiderations apply to the operation 706 as to the operation 606. Forexample, the operation 706 may have details that are the same or similarto the operation 606.

Following the operation 706, an operation 708 is next.

At the operation 708, user input selecting a service type is received bythe automated teller machine 100. In particular, the input may selectbetween a withdrawal such as may potentially be executed withoutrequiring a second authentication factor (e.g., “fast cash” or “quickcash”) and between receiving access to a full suite of ATM services suchas, for example, access to deposits, withdrawals, transfers, etc.

User input indicating a type of service may be received by way of aninput device, such as, for example, the keypad 140. In some cases, aprompt may be provided soliciting such input such as, for example, byway of user interface such as may be presented by way of the display130.

Following receipt of the user input at the operation 708, an operation710 is next.

At the operation 710, the automated teller machine 100 evaluates theinput received at the operation 708. If the provided user-inputindicates a choice to access a full suite of ATM services (“Full ATMServices”), an operation 712 is next. If the provided user-inputindicates a choice to proceed with a withdrawal such as may potentiallybe executed without requiring a second authentication factor (“QuickCash”), an operation 718 is next.

At the operation 712, a further authentication factor is obtained. Forexample, the user may be prompted to provide a PIN. Considerations anddetails of the operation 712 may be the same or similar to the operation612 above.

Following the operation 712, an operation 714 is next.

At the operation 714, access to a full suite of ATM services may beprovided. Notably the combination of the operation 712 and the operation714 may correspond to receiving a user PIN at a conventional ATM andthen providing access to services by a conventional ATM.

As mentioned above, if the user selected to proceed with “quick cash”withdrawal at the operation 708, an operation 716 follows the operation710.

At the operation 716, processing of a possible withdrawal of a specifiedquantity of value instruments (e.g., banknotes) from the identifiedaccount (i.e., the account identified at the operation 706) isinitiated. The operation 716 is analogous to the operation 608 (FIG. 6)and similar considerations apply to the operation 716 as to theoperation 608. For example, the operation 716 may have details that arethe same or similar to the operation 608.

Following the operation 716, depending on whether the withdrawal isexecutable without further authentication, an operation 718 or anoperation 720 is next. The operation 718 and the operation 720 areanalogous to the operation 610 and 612 (FIG. 6), respectively, andsimilar considerations apply to the operation 718 and to the operation720 as apply to corresponding one of the operations 610-612. Forexample, the operation 718 may have details that are the same or similarto the operation 610 and similarly for the operation 720 and theoperation 612. For example, as illustrated, the operation 718 may followthe operation 720 where the withdrawal is not executable without receiptof a further authentication factor, analogous to how the operation 610may follow the operation 612 in similar circumstances.

As noted above, the methods of FIG. 6 and FIG. 7 and the automatedteller machine 100 are each capable of variation.

In some embodiments, the automated teller machine 100 may include othercomponents. For example, the automated teller machine 100 may include acontact card reader for reading magnetic stripe and/or chip ATM cards.Where a customer employs such a card reader, it may be that singlefactor withdrawals are not permitted. Alternatively, it may be that theinsert of a chip card (e.g., an EMV-enabled card) allows similarauthentication of the card and the obtaining of analogous information asat the operations 604 and 606 and that a method akin to the method ofFIG. 6 (or FIG. 7) can be accessed based on such information in order toexecuted single-authentication-factor withdrawal.

In any event, it is contemplated that the automated teller machine 100may omit such contact card reader as analogous function may be providedby the wireless token reader 170. Put differently, it may be that theautomated teller machine 100 does not include a contact card reader. Itis noted that in conventional automated teller machines, such contactcard readers may be the source of many failures or breakdowns.Accordingly, it may be desirable to omit such a component in order toprovide a more reliable automated teller machine.

In another example of a variation of the automated teller machine 100,FIG. 8 shows an automated teller machine 800 which is a variation of theautomated teller machine 100 in which the keypad 140 has been omitted.The automated teller machine 800 may have internals analogous to theautomated teller machine 100 and may perform operations analogousthereto.

Notably, however, it may that because the automated teller machine 800does not have a keypad, it cannot receive a PIN as a secondauthentication factor. Additionally or alternatively, the automatedteller machine 800 may omit components necessary for servicing deposits(e.g., deposit cassettes, item scanners, etc.). Accordingly, it may bethat the automated teller machine 800 is a withdrawal-only ATM. Moreparticularly, it may be that the automated teller machine 800 is asingle-authentication-factor withdrawal-only ATM such as may be referredto as a “fast cash” ATM. Notably, it may also be that such a “fast cash”ATM also omits one or more output devices such as, for example, adisplay (e.g., the display 130), if, for example, only withdrawals ofpre-determined amounts are permitted. An automated teller machineomitting one or more components (e.g., a keypad, a display, etc.) may bemore inexpensive to manufacture and/or may be more reliable than aconventional ATM and/or the automated teller machine 100 due toreduction in costs or failures attributable otherwise attributable tothe omitted components.

In acting as a “fast cash” single-authentication-factor-onlywithdrawal-only automated teller machine (“a withdrawal kiosk”), theautomated teller machine 800 may perform a variation of the methodillustrated in FIG. 6. In particular, it may be that where it isdetermined at the operation 608 that the withdrawal is not executablewithout further authentication, then, rather than, proceeding to theoperation 612, the withdrawal may simply fail and an error may beprovided.

The automated teller machine 800 may be particularly suited fordeployment in particular environments. For example, it may be preferredto deploy conventional automated teller machines in isolated areas of agiven venue so as to provide privacy for users of the automated tellermachine in performing operations such as, for example, the entry ofsensitive information such as personal identification numbers and/or thedisplay of sensitive information such as account details. By contrast,the automated teller machine 800, because it may not need to provideentry and/or to display such sensitive information in order to servicesingle-authentication factor withdrawals, may be deployable inless-isolated areas as might not be favoured for deployment of aconventional ATM. For example, it may be that the automated tellermachine 800 can be deployed in a busy area of a train station or asports venue. Conveniently, it may be that such areas offer benefits ascompared to more isolated areas, such as, for example a potentiallyreduced risk of robbery of the ATM and/or its users.

In another example, the automated teller machine 800 may be particularlysuited for deployment in drive-thru scenarios in which customers areexpected to operate the automated teller machine 800 from their vehicle.In other words, in some cases, the automated teller machine 800 may beconsidered a drive-thru automated teller machine. Notably, it may bedesirable to allow customers to avoid the need to provide a secondauthentication factor such as, for example, a PIN when they are using adrive-thru ATM in order to avoid the need to reach out a vehicle windowsuch as to provide input to the ATM. Conveniently, asingle-authentication factor withdrawal using the automated tellermachine may avoid the need to provide such input, especially where apre-determined withdrawal amount is employed.

Variations of the automated teller machine 800 (or, more generally, theautomated teller machine 100) may be particularly suited for drive-thruapplications. FIGS. 9A and 9B show variants of the automated tellermachine 800 in which the wireless token reader 170 is separable from thebody of the automated teller machine 800. In particular, the wirelesstoken reader 170 is disposed in a separate component linked to the bodyof the automated teller machine 800, with that component configured toallow displacement of that component away from the body of the automatedteller machine towards a customer such as, for example, towards avehicle visiting the drive-thru automated teller machine.

As shown in FIG. 9A, the linkage between the wireless communicationmodule (the wireless token reader 170) involves a telescoping member910. The telescoping member 910 allows the wireless token reader 170 tobe extended away from the automated teller machine 800. In someembodiments, it may be that the telescoping member 910 includes aretraction mechanism (e.g., using a loaded spring) that willautomatically draw the wireless token reader 170 back towards theautomated teller machine 800 when released by a user (e.g., after theyfinish using it to read their authentication token). In someembodiments, the telescoping member 910 may also include a pivoting link(e.g., a universal joint) to allow the wireless token reader 170 to bepivoted relative to the body of the automated teller machine 800. Thewireless token reader 170 may be connected to the body of the automatedteller machine 800 proper by way of an electrical link included in thetelescoping member 910 for communicating power and/or signalstherebetween. Additionally or alternatively, the wireless token reader170 may communicate wirelessly with the automated teller machine 800such as, for example, by a local wireless technology such as, forexample, using Bluetooth™.

In another example of a linkage between the wireless token reader 170and the body of the automated teller machine 800, it may be that, asillustrated in FIG. 9B, the wireless token reader 170 is linked to thebody of the automated teller machine 800 by way of an electrical cable920 that serves as an electrical umbilical cord and may communicatepower and/or signals between the wireless token reader 170 and theautomated teller machine 800 proper. Also akin to the telescoping member910, the electrical cable 920 may be retractable.

Other linkages are also contemplated, for example, a link could includea telescoping member and an electrical cable extending therefrom.

An example use case of a variation of the automated teller machine 800having a separate wireless communication module is shown in FIG. 10. Theexample use case illustrated in FIG. 10 involves a drive-thru. Inparticular, FIG. 10 shows a situation where a vehicle 1000 has pulled upbeside the automated teller machine 800. An operator 1010 of the vehicle1000 has displaced the wireless token reader 170 away from the body ofthe automated teller machine 800 and into the interior of the vehicle,with the electrical cable 920 extending through a window of the vehicle.Such a scenario may be particular desirable where, as shown, thedrive-thru is located outside in winter weather. Conveniently, where theautomated teller machine 800 is so employed a user may only need toreach outside the vehicle in order to access the wireless token reader170 and in order to receive the value instruments dispensed to satisfytheir withdrawal.

Notably, with a conventional drive-thru ATM, a user may have to reachinto the weather in order to key a PIN and/or provide input selecting awithdrawal amount. Further, because this may require some dexterity inorder to use a keypad and/or bare skin in order to drive a touchscreen,the user may not be able to wear gloves when so reaching out into frigidconditions. Furthermore, neither operation may be possible while wearingmittens. By contrast, because the user of the automated teller machine800 does not need to key such input, the user may be able to avoidhaving to reach into the cold without gloves, with both the retrieval ofthe wireless token reader 170 and the dispensed value instruments beinglow-dexterity activities that the user can readily perform while wearinggloves or even mittens.

Example embodiments of the present application are not limited to anyparticular operating system, system architecture, mobile devicearchitecture, server architecture, or computer programming language.

It will be understood that the applications, modules, routines,processes, threads, or other software components implementing thedescribed method/process may be realized using standard computerprogramming techniques and languages. The present application is notlimited to particular processors, computer languages, computerprogramming conventions, data structures, or other such implementationdetails. Those skilled in the art will recognize that the describedprocesses may be implemented as a part of computer-executable codestored in volatile or non-volatile memory, as part of anapplication-specific integrated chip (ASIC), etc.

As noted, certain adaptations and modifications of the describedembodiments can be made. Therefore, the above discussed embodiments areconsidered to be illustrative and not restrictive.

What is claimed is:
 1. An automated teller machine comprising: aprocessor; a first wireless communications module coupled to theprocessor; a banknote dispenser coupled to the processor; and a memorycoupled to the processor and storing instructions that, when executed bythe processor, cause the automated teller machine to: detect, using thefirst wireless communications module, that an authentication tokencapable of wireless communication has been brought into communicationsrange of the first wireless communications module; communicate with theauthentication token using the first wireless communication module tocryptographically authenticate the authentication token and to receiveinformation identifying an account associated with the authenticationtoken; determine, based on an automated assessment of compliance withone or more policies, that dispensing may occur without furtherauthentication; and dispense, subsequent to the determination and usingthe banknote dispenser, banknotes totalling to a pre-defined amountassociated with the first wireless communications module.
 2. Theautomated teller machine of claim 1, wherein the banknotes totalling tothe pre-defined amount are dispensed without receiving a secondauthentication factor.
 3. The automated teller machine of claim 1,wherein the pre-defined amount is further associated with at least oneof the authentication token and the account.
 4. The automated tellermachine of claim 1, wherein the authentication token includes a paymentcard.
 5. The automated teller machine of claim 1, wherein the automatedteller machine does not include a contact card reader.
 6. The automatedteller machine of claim 1, wherein the automated teller machine does notinclude a display.
 7. The automated teller machine of claim 1, whereinthe automated teller machine does not include a keypad.
 8. An automatedteller machine comprising: a processor; a first wireless communicationsmodule coupled to the processor; a banknote dispenser coupled to theprocessor; a memory coupled to the processor and storing instructionsthat, when executed by the processor, cause the automated teller machineto: detect, using the first wireless communications module, that anauthentication token capable of wireless communication has been broughtinto communications range of the first wireless communications module;communicate with the authentication token using the first wirelesscommunication module to cryptographically authenticate theauthentication token and to receive information identifying an accountassociated with the authentication token; dispense, using the banknotedispenser, banknotes totalling to a pre-defined amount associated withthe first wireless communications module; and a plurality of wirelesscommunications modules, the plurality of wireless communications modulesincluding the first wireless communications module, wherein the wirelesscommunications modules of the plurality of wireless communicationsmodules are associated with respective amounts, the pre-defined amountbeing the one of the amounts associated with the first wirelesscommunications module.
 9. The automated teller machine of claim 8,wherein the instructions, when executed by the processor, further causethe automated teller machine to: detect, using a second wirelesscommunications module of the plurality of wireless communicationmodules, that a second authentication token capable of wirelesscommunication has been brought into communications range of the secondwireless communications module; communicate with the secondauthentication token using the second wireless communication module tocryptographically authenticate the second authentication token and toreceive information identifying an account associated with the secondauthentication token; and dispense, using the banknote dispenser,banknotes totalling to the amount associated with the second wirelesscommunications module.
 10. The automated teller machine of claim 8,wherein the banknotes totalling to the pre-defined amount are dispensedwithout receiving a second authentication factor.
 11. The automatedteller machine of claim 8, wherein the pre-defined amount is furtherassociated with at least one of the authentication token and theaccount.
 12. The automated teller machine of claim 8, wherein theauthentication token includes a payment card.
 13. The automated tellermachine of claim 8, wherein the automated teller machine does notinclude a contact card reader.
 14. The automated teller machine of claim8, wherein the automated teller machine does not include a display. 15.The automated teller machine of claim 8, wherein the automated tellermachine does not include a keypad.
 16. A method comprising: detecting,using a first wireless communications module of an automated tellermachine, that an authentication token capable of wireless communicationhas been brought into communications range of the first wirelesscommunications module; communicating with the authentication token usingthe first wireless communication module to cryptographicallyauthenticate the authentication token and to receive informationidentifying an account associated with the authentication token;determining, based on an automated assessment of compliance with one ormore policies, that dispensing may occur without further authentication;and dispensing, subsequent to the determination and using a banknotedispenser of the automated teller machine, banknotes totalling to apre-defined amount associated with the first wireless communicationsmodule.
 17. The method of claim 16, wherein the banknotes totalling tothe pre-defined amount are dispensed is dispensed without receiving asecond authentication factor.
 18. The method of claim 16, wherein thepre-defined amount is further associated with at least one of theauthentication token and the account.
 19. The method of claim 16,wherein the authentication token includes a payment card.
 20. The methodof claim 16, wherein the automated teller machine does not include acontact card reader.
 21. The method of claim 16, wherein the automatedteller machine does not include a display.
 22. The method of claim 16,wherein the automated teller machine does not include a keypad.
 23. Themethod of claim 16, wherein the authentication token includes a paymentcard.
 24. A method comprising: detecting, using a first wirelesscommunications module of an automated teller machine, that anauthentication token capable of wireless communication has been broughtinto communications range of the first wireless communications module;communicating with the authentication token using the first wirelesscommunication module to cryptographically authenticate theauthentication token and to receive information identifying an accountassociated with the authentication token; and dispensing, and using abanknote dispenser of the automated teller machine, banknotes totallingto a pre-defined amount associated with the first wirelesscommunications module, wherein the automated teller machine includes aplurality of wireless communications modules, the plurality of wirelesscommunications modules including the first wireless communicationsmodule, and wherein the wireless communications modules of the pluralityof wireless communications modules are associated with respectiveamounts, the pre-defined amount being the one of the amounts associatedwith the first wireless communications module.
 25. The method of claim24, further comprising: detecting, using a second wirelesscommunications module of the plurality of wireless communicationmodules, that a second authentication token capable of wirelesscommunication has been brought into communications range of the firstwireless communications module; communicating with the secondauthentication token using the second wireless communication module tocryptographically authenticate the second authentication token and toreceive information identifying an account associated with the secondauthentication token; and dispensing, using the banknote dispenser,banknotes totalling to the amount associated with the second wirelesscommunications module.
 26. The method of claim 24, wherein the banknotestotalling to the pre-defined amount are dispensed is dispensed withoutreceiving a second authentication factor.
 27. The method of claim 24,wherein the pre-defined amount is further associated with at least oneof the authentication token and the account.
 28. The method of claim 24,wherein the automated teller machine does not include a contact cardreader.
 29. The method of claim 24, wherein the automated teller machinedoes not include a display.
 30. The method of claim 24, wherein theautomated teller machine does not include a keypad.